Also, what code? 

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Michael Grinnell
Sent: Wednesday, July 25, 2007 11:11 AM
To: [log in to unmask]
Subject: Re: DHCP reply not passing back through OOB server

On Jul 25, 2007, at 2:00 PM, Bill Davis wrote:

> We have converted an In-Band Real-IP gateway server that acted as a 
> DHCP  server to an Out-of-band Virtual Gateway mode utilizing an 
> external DHCP  server on the CCA Manager subnet.
>
> The replies from our DHCP server are not passing back through the 
> OOB-VG server.  Does anyone have any ideas on what to check?
>
> I can see the request arrive on the Cat-6509 side of the untrusted 
> interface and go out the Cat-6509 side of the trusted interface.
> I see the DHCP server reply to the correct MAC address of the client 
> with an issued IP address.  The reply goes out of the Cat-6509 
> interface to the trusted interface of the OOB server, but I do not see

> the reply leave the untrusted interface and arrive on the
> Cat-6509 interface.
>
> All worked well in the test lab on a spare Cat router, and the 
> configuration of the production and test servers appear identical, 
> other than the production systems are failover bundles, not 
> standalone.
>
> If I assign a static IP, the system is able to log into Clean Access 
> as expected for OOB-VG mode.
>
> Any ideas?
>
> Thanks!
>
> -Bill Davis
> [log in to unmask]
> Colorado State University


What brand of server are you using?  This sounds similar to the HP issue
we saw with 4.0.0 last year.

Michael Grinnell
Network Security Administrator
The American University